[clang][Interp] Makre sure we don't overflow Descriptor::AllocSize

We allocate the metadata and the array elements in one allocation,
and we save its size in a field of type 'unsigned'. Makre sure the
full size of the allocation doesn't overflow the field.

Author: tbaederr

clang/lib/AST/Interp/Descriptor.cpp

@@ -303,6 +303,7 @@ Descriptor::Descriptor(const DeclTy &D, PrimType Type, MetadataSize MD,
       IsArray(true), CtorFn(getCtorArrayPrim(Type)),
       DtorFn(getDtorArrayPrim(Type)), MoveFn(getMoveArrayPrim(Type)) {
   assert(Source && "Missing source");
+  assert(NumElems <= (MaxArrayElemBytes / ElemSize));
 }
 
 /// Primitive unknown-size arrays.

clang/lib/AST/Interp/Descriptor.h

@@ -13,6 +13,7 @@
 #ifndef LLVM_CLANG_AST_INTERP_DESCRIPTOR_H
 #define LLVM_CLANG_AST_INTERP_DESCRIPTOR_H
 
+#include "PrimType.h"
 #include "clang/AST/Decl.h"
 #include "clang/AST/Expr.h"
 
@@ -125,6 +126,11 @@ struct Descriptor final {
   static constexpr MetadataSize InlineDescMD = sizeof(InlineDescriptor);
   static constexpr MetadataSize GlobalMD = sizeof(GlobalInlineDescriptor);
 
+  /// Maximum number of bytes to be used for array elements.
+  static constexpr unsigned MaxArrayElemBytes =
+      std::numeric_limits<decltype(AllocSize)>::max() - sizeof(InitMapPtr) -
+      align(std::max(*InlineDescMD, *GlobalMD));
+
   /// Pointer to the record, if block contains records.
   const Record *const ElemRecord = nullptr;
   /// Descriptor of the array element.